Distributors

Over two months after Italian surveillance software maker Hacking Team had its internal data leaked by hackers, vendors are apparently still fixing zero-day exploits from the company's arsenal.

On Tuesday, Microsoft published 12 security bulletins covering 56 vulnerabilities in the new Edge browser, Internet Explorer, Windows, Office, Skype for Business, .NET Framework and some of its other software products.

One of those vulnerabilities, identified as CVE-2015-2509, was located in the Windows Media Center and had zero-day status -- it was publicly disclosed before the patch was released.

In the accompanying security bulletin Microsoft says that despite the public disclosure, the company "had not received any information to indicate that this vulnerability had been publicly used to attack customers."

However, a working and reliable exploit for it was found in the leaked Hacking Team data and the company ran a service through which it shared zero-day exploits with its customers for use in the deployment of surveillance software.

In July, security researchers searching through the leaked Hacking Team files found exploits for six zero-day vulnerabilities: three in Flash Player, two in Windows and one in Internet Explorer. Some of those exploits were quickly adopted by various groups of attackers after being leaked.

According to security researchers from Trend Micro, who reported the newly patched Windows Media Center vulnerability to Microsoft, an exploit for it was found in Hacking Team's data.

Based on a description found in the company's leaked emails, the exploit was quite recent because it had been tested against Windows Media Center running on Windows 8.1, 8 and 7 with the April 2015 security updates installed.

The exploit consists of a specifically crafted Media Center link (.mcl) file and could be delivered to targeted users in different ways including as a download from a website, by e-mail or via instant messaging applications, the Trend Micro researchers said in a blog post Tuesday.

Creating malicious .mcl files that would exploit this vulnerability can easily be done using a text editor like Notepad, they said. "For example, we created a .MCL file that contained instructions that will launch the computer’s calculator."

Since information about the exploit has been available on the Internet for over a month, due to the Hacking Team leak, cybercriminals might start using it in attacks, the Trend Micro researchers said. "We recommend users avoid opening any files with the .MCL file extension, especially from unverified sources."

ARN Distributor Directory

ARN Vendor Directory

Slideshows

Selling the benefits of the software-defined data centre

In looking ahead to the future of the data centre, a software-defined reality is emerging. This exclusive ARN roundtable, in association with APC by Schneider Electric, Cisco, HPE, Lenovo and Veritas, assessed the benefits of selling a software-defined data centre strategy, uncovering the key market trends and ongoing partner opportunities.

The channel toasted the top performing players within the Australian market during 2017, as the 11th running of the ARN ICT Industry Awards kicked off with a Champagne Reception at the Hyatt Regency in Sydney - sponsored by Westcon-Comstor and Juniper Networks.

Copyright 2017 IDG Communications. ABN 14 001 592 650. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.